<?php 
require("../connection.php");
if(!isset($_POST['password1']) && !isset($_POST['password2']))
{
	echo "Fyll inn alle felter, din gris!";	
}
else
{
	$pass1 = md5($_POST['password1']);
	$pass2 = md5($_POST['password2']);
	$uid   = $_POST['uid'];
	
	$sql = "SELECT password FROM user WHERE id = :uid AND password = :password";
	$sth = $db->prepare($sql);
	$sth->bindParam(":uid",$uid);
	$sth->bindParam(":password",$pass1);
	$sth->execute();
	if($sth->rowCount()<1)
	{
		echo "Passordet du oppga er feil, prøv igjen ;)";
	}
	else
	{
		$sql = "UPDATE user SET password = :password WHERE id=:uid";
		$sth = $db->prepare($sql);
		$sth->bindParam(":password",$pass2);
		$sth->bindParam(":uid",$uid);
		$sth->execute();
		echo "Passordet ble endret :D";
}
}
?>